MFSA releases policy on penalties for businesses which fail to submit reports

The Malta Financial Services Authority (MFSA) has released a policy document on non-material breaches and how they are enforced. It was supplemented with a guidance note to ensure transparency, and consistency in the interpretation of the breaches, and how the administrative fines are applied.

The MFSA repeatedly stresses that the fines are meant to be effective, proportionate, and dissuasive.

It was made clear that, the main factors influencing the size of the administrative penalty are the duration of the breach and whether it has been repeated in the past three fiscal years. A non-exhaustive list of regulatory reporting requirements was included. If a business fails to submit what is required, it may be subjected to a fine. However it is possible to lodge an appeal if necessary/

Calculating the fine is done in three levels. The first level is determined by the base amount set by the MFSA, which can not be lower than the minimum penalty set by law. The size of the base amount varies according to the criticality of the sector in the economy, and which regulatory requirement is in breach.

The second level depends on the duration of the breach, which may increase fines by at least 20 per cent of the base amount, and up to 70 per cent. The second level enters into force when at least 100 days have passed (+20 per cent) and increases by 10 per cent for every additional 100 days of the breach. Therefore, if the breach has been ongoing for at least 400 days but not more than 500 days, then the administrative fine is increased by 50 per cent.

The third level depends on whether the breach has been repeated, so if a business has repeatedly failed to comply with one or two regulatory provisions within the past three fiscal years, a further 10 per cent is added to the fine determined at level two. For every couple more breaches, a further 10 per cent is added, going up to 60 per cent, which is imposed when there have been more than 10 breaches.

 Case study

If a business has failed to comply with regulatory requirements, level one of enforcement enters into force, and the business is subjected to a fine of (as an example) €2,000. If the business is found to have been in breach for 350 days, then a further 40 per cent is added to the fine, increasing it to €2,800 as outlined in level two. Lastly, if the business is found to have repeatedly failed to comply with five regulatory provisions, then an additional 30 per cent is added as outlined in level three, increasing the fine to €3,640. This concludes with the base fine of €2,000 being increased by 82 per cent.

The worst-case scenario would be if the business is in breach for more than 700 days and failed to comply with more than 10 regulatory requirements, increasing the base fine of €2,000 by 70 per cent which would come to €3,400, and then a further 60 per cent resulting in a fine of €5,440. This results in a total increase of 172.2 per cent.

“Following the publication of the Guidance note on the calculation of administrative penalties issued earlier this year, the implementation and publication of this latest policy on non-material breaches and the corresponding Guidance Note, is another step in the right direction which is aimed at ensuring that there is transparency of the Authority’s policies and practices for licence holders authorised and supervised by the MFSA,” added Dr Michelle Mizzi Buontempo, Chief Officer Enforcement and MFSA’s Acting CEO.

Here you may find the policy document and the guidance note.